When it comes to the security of state and local government networks, recent data all points in one direction: vulnerability. At a time when network security is more in the spotlight than ever, state and local governments are expected to keep data private and secure, but the threat of network exposure is more prominent than ever.
By analyzing over 30 million security alerts from its users around the world, Sentinel IPS discovered that 67 percent of state and local government networks triggered critical malware or ransomware alerts, compared to only 39 percent of non-government/education networks.
What does this mean for state and local governments looking ahead to 2016? The data shows several trends emerging for the upcoming year.
David Lissberger is chief executive officer at Sentinel IPS, a managed service that relieves the burden of network security for businesses with its threat management system that is based on active threat intelligence.
Security Trends 2016
Click through for five security trends that will be affecting state and local governments in 2016, as identified by Sentinel IPS.
Threats will continue to evolve and become more sophisticated.
The world of cyber crime and 24/7 threats hasn’t slowed down, and isn’t likely to in 2016. Not only will hackers continue to evolve, they will become more sophisticated, and state and local government networks are among the highest risk. According to Sentinel IPS’s recent data, government and education networks are nearly twice as likely to be infected with malware or ransomware and four times more likely to be infected with Cryptowall.
By hiring someone who knows and can focus on security, governments can protect their networks and avoid having to do damage control after a breach. Although investing upfront in a knowledgeable security staff member may seem expensive on the front end, the alternative is a costly and tedious cleanup after an inevitable hack.
Budget and Staffing
Budget and staffing will continue to shrink.
Small staff teams and restricted budgets aren’t anything new, but while state and local governments attempt to cope with these limitations, they are simultaneously facing the same kinds of threats as large enterprises. Because of this, it’s vital to hire a security professional. But how do you identify the right candidates?
- Detail-oriented – One of the more innate abilities of good security experts is excess attention to detail and conscientiousness. Without being meticulous and thorough, it’s easy to miss what could be a potentially dangerous threat. A great security expert is able to not only understand the information and what it means, but is also able to remain focused.
- Assertive and flexible – A good security team member must recognize the necessity of working irregular hours, recognizing that network security isn’t a routine 9-to-5 job. Equally as important, they should be able to decipher a problem and come up with a solution independently by demonstrating assertive problem-solving skills.
Another route that more industries are considering is outsourcing. By using remotely managed devices, it’s possible to save both money and time while receiving top-level protection. Research outside vendors to help you manage your security; some devices can even replace the need for an extra full-time team member.
Network visibility will become more critical.
As we enter into 2016, network security will only become more prominent, particularly as state and local government networks are at increased risk. According to recent data, 23 percent of government networks triggered BrowseFox alerts, compared to only 5 percent of non-government/education networks.
It takes many technologies to provide all-inclusive security management, and government IT professionals should rethink visibility at every layer of the network and use the appropriate network monitoring tools. As hackers become more educated every day, IT can stay one step ahead by continually checking the network systems and adjusting as necessary.
Training will need to be more regular and thorough.
More and more, hackers are counting on the naiveté or inexperience of the typical employee. By using schemes to trick these employees, hackers can find legitimate methods to enter the network. With new threats appearing on a daily basis, it’s essential that those in the government industry not ignore this. In the past six months alone, 95 percent of all Kovter attacks were in state and local government and education networks.
By focusing on more frequent training, state and local governments can better help protect their networks. While executing such training often falls to someone in the IT department, unfortunately training and educating aren’t typically in the skill sets of IT professionals. Taking this into consideration, a few tips can help lead to effective training:
- Use simplified language.
- Encourage questions.
- Implement routine education.
Assume a Breach
All organizations – regardless of size – will need to assume a breach.
Looking back over 2015, countless security breaches, some high-profile federal breaches and some at the local level, didn’t receive national media attention. According to the Identity Theft Resource Center, almost 28 million personal records were exposed through the first half of 2015 due to government data breaches. And in 2016, there will most likely be more.
For 2016, planning should start from the assumption that a data breach is going to occur. Just because you may be a small organization or are at the local level isn’t a good enough reason to assume you won’t be hacked. You have assets that are most likely important to somebody. By focusing on visibility across your network, you can prepare for the worst and implement a solid disaster recovery plan.